Mid April the first episode of Game of Thrones’ fifth season will find its way onto dozens of torrent sites.

Like previous years, a few hours later millions of people will have downloaded this unofficial release.

Traditionally, pirates have used “availability” as an excuse to download movies and TV-shows from illegal sources. In some countries there is simply no legal option available, the arguments often go.

To remove this piracy incentive HBO has made sure that the new Game of Thrones series is available in as many countries as possible. The company recently announced that it will air in 170 countries roughly at the same time as the U.S. release.

This decision is being framed as an anti-piracy move and may indeed have some effect. However, availability is not the only reason why so many people choose to download the show from unauthorized sources.

In fact, if we look at the list of countries where most Game of Thrones downloaders came from last year, we see that it was legally available in all of these countries.

Data gathered during the first 12 hours of the season 4 premiere revealed that most downloads originated from Australia, followed by the United States, the United Kingdom, Canada and the Netherlands. So there must be something else going on.

Pricing perhaps?

The price tag attached to many of legal services may be too high for some. In Australia, for example, it cost $500 to follow last year’s season and in the U.S. some packages were priced as high as $100 per month.

This year there is some positive change to report in the US, as iTunes now offers a $15-per-month subscription without the need for a cable subscription. But if the steep prices remain in most countries it’s unlikely that the piracy rates will drop significantly.

This is nothing new for HBO of course. The company has probably considered offering separate and cheaper Game of Thrones packages, but while this may result in less pirates it will also severely hurt the value of their licensing deals and full subscription plans.

And aside from the financials, piracy also has it upsides.

Game of Thrones director David Petrarca previously admitted that piracy generated much-needed “cultural buzz” around his show. Similarly, Jeff Bewkes, CEO of HBO’s parent company Time Warner, noted that piracy resulted in more subscriptions for his company and that receiving the title of “most-pirated” was “better than an Emmy.”

All in all it’s safe to say that Game of Thrones will be crowned the most pirated TV-show again in 2015. The only uncertainty right now is whether it will break last year’s BitTorrent “swarm record,” which currently stands at 254,114 simultaneous sharers.

More than two years ago movie studio Voltage Pictures took its legal crusade against pirating BitTorrent users to Canada.

After targeting tens of thousands of people in the US, the company hoped to expose 2,000 Internet subscribers of Canadian ISP TekSavvy. The studio behind “The Hurt Locker” argued that they have a solid case under the Copyright Act.

The efforts led to objections from the Canadian Internet Policy and Public Interest Clinic (CIPPIC) who demanded safeguards so Voltage wouldn’t demand hefty fines from subscribers without oversight. The court agreed on this, but allowed the customers to be exposed.

The only matter that remained were the costs associated with identifying the alleged pirates. According to Voltage these would only be a few hundred Canadian dollars, but Teksavvy claimed more that $350,000.

This week the Federal Court ruled on the matter (pdf), settling the costs at $21,557. This includes $17,057 in technical administrative costs and $4,500 in legal fees associated with the IP-address lookups.

The total sum translates to roughly $11 per IP-address, which is a tiny fraction of the thousands of dollars in settlements Voltage usually requests.

The Court decided not to award any assessment costs, noting that both parties are intent on disparaging each other’s business practices. Taking claims from both sides into account it concluded that neither party should be rewarded for its conduct.

“TekSavvy, without justification, has greatly exaggerated its claim, while Voltage has unreasonably sought to trivialize it based on unreliable and largely irrelevant evidence,” Judge Aronovitch writes.

In the future it would be wise to agree on a fixed rate for linking IP-addresses to the personal details of subscribers before taking the matter to court, the Judge further notes.

“The best practice, in my view, would be for the rights holder to ascertain, in advance, with clarity and precision, the method of correlation used by the ISP, as well as the time and costs attendant on the execution of the work based, to begin, on a hypothetical number of IP addresses.”

The verdict opens the door for more of these cases in Canada. The question is, however, whether the costs and the restrictions still make it worthwhile.

University of Ottawa professor Michael Geist, who followed the case closely, believes this troll-type activity may not be as financially viable as Voltage has hoped.

“With the cap on liability for non-commercial infringement, the further costs of litigating against individuals, the actual value of the works, and the need to obtain court approval on demand letters, it is hard to see how this is a business model that works,” Geist notes.

Voltage, however, appears to be determined to continue its actions against the subscribers. The studio’s lawyer is happy with the verdict and says the decision “confirms the court’s commitment to facilitate anti-piracy and allow companies like Voltage to pursue pirates.”

As a greater number of banks in the United States shift to issuing more secure credit and debit cards with embedded chip technology, fraudsters are going to direct more of their attacks against online merchants. No surprise, then, that thieves increasingly are turning to an emerging set of software tools to help them evade fraud detection schemes employed by many e-commerce companies.

Every browser has a relatively unique “fingerprint” that is shared with Web sites. That signature is derived from dozens of qualities, including the computer’s operating system type, various plugins installed, the browser’s language setting and its time zone. Banks can leverage fingerprinting to flag transactions that occur from a browser the bank has never seen associated with a customer’s account.

Payment service providers and online stores often use browser fingerprinting to block transactions from browsers that have previously been associated with unauthorized sales (or a high volume of sales for the same or similar product in a short period of time).

In January, several media outlets wrote about a crimeware tool called FraudFox, which is marketed as a way to help crooks sidestep browser fingerprinting. However, FraudFox is merely the latest competitor to emerge in a fairly established marketplace of tools aimed at helping thieves cash out stolen cards at online merchants.

Another fraudster-friendly tool that’s been around the underground hacker forums even longer is called Antidetect. Currently in version 6.0.0.1, Antidetect allows users to very quickly and easily change components of the their system to avoid browser fingerprinting, including the browser type (Safari, IE, Chrome, etc.), version, language, user agent, Adobe Flash version, number and type of other plugins, as well as operating system settings such as OS and processor type, time zone and screen resolution.

Antidetect is marketed to fraudsters involved in ripping off online stores.

The seller of this product shared the video below of someone using Antidetect along with a stolen credit card to buy three different downloadable software titles from gaming giant Origin.com. That video has been edited for brevity and to remove sensitive information; my version also includes captions to describe what’s going on throughout the video.

In it, the fraudster uses Antidetect to generate a fresh, unique browser configuration, and then uses a bundled tool that makes it simple to proxy communications through one of a hundreds of compromised systems around the world. He picks a proxy in Ontario, Canada, and then changes the time zone on his virtual machine to match Ontario’s.

Then our demonstrator goes to a carding shop and buys a credit card stolen from a woman who lives in Ontario. After he checks to ensure the card is still valid, he heads over the origin.com and uses the card to buy more than $200 in downloadable games that can be easily resold for cash. When the transactions are complete, he uses Antidetect to create a new browser configuration, and restarts the entire process — (which takes about 5 minutes from browser generation and proxy configuration to selecting a new card and purchasing software with it). Click the icon in the bottom right corner of the video player for the full-screen version.

I think it’s safe to say we can expect to see more complex anti-fingerprinting tools come on the cybercriminal market as fewer banks in the United States issue chipless cards. There is also no question that card-not-present fraud will spike as more banks in the US issue chipped cards; this same increase in card-not-present fraud has occurred in virtually every country that made the chip card transition, including Australia, Canada, France and the United Kingdom. The only question is: Are online merchants ready for the coming e-commerce fraud wave?

Continuing this trend various entertainment industry groups are now going after companies that offer domain name services.

The MPAA, for example, has joined the domain name system oversight body ICANN and is pushing for policy changes from the inside.

A few days ago the RIAA added more pressure. The music group sent a letter to ICANN on behalf of several industry players asking for tougher measures against pirate domains.

The RIAA’s senior vice president Victoria Sheckler wants the Internet to be a safe place for all, where music creation and distribution can thrive.

“… we expect all in the internet ecosystem to take responsible measures to deter copyright infringement to help meet this goal,” she notes.

The music groups believe, however, that domain registrars don’t do enough to combat piracy. ICANN’s most recent registrar agreement states that domain names should not be used for copyright infringement, but most registrars fail to take action in response.

Instead, many registrars simply note that it’s not their responsibility to act against pirate sites.

“We […] do not see how it is an appropriate response from a registrar to tell a complainant that it has investigated or responded appropriately to a copyright abuse complaint by stating it does not provide non-registrar related services to the site in question,” Sheckler writes.

In what appears to be a coordinated effort to pressure ICANN and other players in the domain name industry, the U.S. Government also chimed in last week.

According to the U.S. Trade Representative, Canada-based Tucows is reported as “an example of a registrar that fails to take action when notified of its clients’ infringing activity.”

Despite the critique, it’s far from clear that Tucows and other registrars are doing anything wrong. In fact, the Electronic Frontier Foundation notes that there is no law requiring registrars to disconnect pirate sites.

“Domain registrars do not have an obligation to respond to a random third party’s complaints about the behavior of a domain name user. Unless ordered by a court, registrars cannot be compelled to take down a website,” notes Jeremy Malcolm, EFF’s Senior Global Policy Analyst.

“What the entertainment industry groups are doing is exaggerating the obligations that registrars of global top-level domains (gTLDs) have under their agreement with ICANN to investigate reports of illegal activity by domain owners, an expansion of responsibilities that is, to put it mildly, extremely controversial, and not reflected in current laws or norms.”

Law or no law, the entertainment industry groups are not expected to back down. They hope that ICANN will help to convince registrars that pirate sites should be disconnected, whether they like it or not.

From Hawaii to New York City and beyond, Pi Day will be here this Saturday, March 14th. To celebrate, there are a bunch of Raspberry Pi events happening across the United States and all over the world. Some of these are big affairs, like at the Computer History Museum in Mountain View, CA and others are small gatherings in libraries or makerspaces. Scan the list below to find out if there’s a Pi Day event happening near you:

Austin, TX

A few of us will be at SX Create, which is part of the SXSW Interactive festival. We’ll have a few demos and hands on activities that we’re excited to share. We’ll also be surrounded by companies, products, and organizations all related to hacking and tinkering with technology. Even though we’re especially excited about Pi Day on Saturday, we’ll be there for all of SX Create, which runs from March 13 to 15 and is free and open-to-the-public.

We’ll also be joining our friends from Wolfram to celebrate “Super Pi Moment” on 3/14/15 at 9:26:53 am. They’ll have a countdown, FREE Pi(e), contests, and a special “selfie station” to capture the moment. This event is open to SXSW Interactive attendees and is right outside the Austin Convention Center.

Mountain View, CA

You’ll want to get to The Computer History Museum’s Pi Day Celebration early since visitors who arrive before 9:26am that day will be given free admission to their fantastic museum. And if you’re a little late, you can enjoy half-off admission until 10am. From 11:30am until 6:00pm, there will be Raspberry Pi workshops and a showcase of projects followed by Pie, Pizza, and Pints until 6:00pm.

St. Louis, MO

There’s a very strong community of Raspberry Pi users in St. Louis, MO so of course they’re getting together to celebrate Pi Day! The organizers say, “This Jam will build on what we’ve learned from previous events. Both as organizers and enthusiasts. As always we welcome new-comers young and old alike. We would also like to extend invitations to those in the business community looking to develop the Pi into products. Of course, we are hobbyists at heart so we really want to see the unique, strange, and ‘how did you do that?!’ projects.”

Little Rock, AR

Students, makers, and creatives are invited to bring their Raspberry Pi creations to compete for prizes, prestige, and ­ most importantly ­ bragging rights! In addition to the project competition, workshops and labs will be held for people just getting started with the Raspberry Pi, and for those interested in learning how to get the most out of their Raspberry Pi creations.

Upper Lake, CA

Upper Lake Library will be having a Raspberry Pi Day at 310 Second Street in Upper Lake, CA from 10:30am to 12:00pm. They’ll be running an introduction to Raspberry Pi workshop and hope to start a user group.

Wailuku, HI

Maui Makersis hosting Pi Day in their new space in Wailuku Hawaii. Their celebration runs all day with multiple events throughout the day. You can come to learn about Raspberry Pi or show off what you’ve done with our computer.

Brooklyn, NY

In the DUMBO neighborhood of Brooklyn, digital agency HUGE is hosting a Pi Day Hackathon. Participants get 3 hours and 14 minutes to make a pi-themed creation (numerical constant, food, or Raspberry related) and then have 3 minutes and 14 seconds to show it off to the others. RSVP is required, so click here for more details and how to register.

NEXTEP Systems, a Troy, Mich.-based vendor of point-of-sale solutions for restaurants, corporate cafeterias, casinos, airports and other food service venues, was recently notified by law enforcement that some of its customer locations have been compromised in a potentially wide-ranging credit card breach, KrebsOnSecurity has learned.

The acknowledgement came in response to reports by sources in the financial industry who spotted a pattern of fraud on credit cards all recently used at one of NEXTEP’S biggest customers: Zoup, a chain of some 75 soup eateries spread across the northern half of the United States and Canada.

Last week, KrebsOnSecurity reached out to Zoup after hearing from financial industry sources about fraud patterns indicating some sort of card compromise at many Zoup locations. Zoup CEO Eric Ersher referred calls to NEXTEP, saying that NEXTEP was recently informed of a security issue with its point-of-sale devices. Ersher said Zoup runs NEXTEP’s point-of-sale devices across its entire chain of stores.

In an emailed statement, NEXTEP President Tommy Woycik confirmed Ersher’s account, but emphasized that the company does not believe all of its customers are impacted.

“NEXTEP was recently notified by law enforcement that the security of the systems at some of our customer locations may have been compromised,” Woycik wrote. “NEXTEP immediately launched an investigation in cooperation with law enforcement and data security experts we retained to determine the root cause and remediate the issue. We do know that this is NOT affecting all NEXTEP customers, and we have been working with our customers to ensure that any issues are addressed. This remains an ongoing investigation with law enforcement. At this stage, we are not certain of the extent of the breach, and are working around the clock to ensure a complete resolution.”

A breach at a point-of-sale vendor can impact a large number of organizations, and historically the chief victims of POS vendor breaches have been food service establishments. Last year, a pattern of credit card fraud at hundreds of Jimmy Johns sandwich shops across the country was traced back to security weaknesses that fraudsters were exploiting in point-of-sale systems produced by POS vendor Signature Systems Inc. Signature later disclosed that the breach also impacted at least 100 other independent restaurants that use its products.

Earlier this year, Denver-based point-of-sale vendor Advanced Restaurant Management Applications (ARMA) disclosed that malware attacks on its POS devices exposed credit and debit cards for a number of its clients’ customers in Colorado, many of them restaurants.

It’s unclear what’s behind the NEXTEP breach, but if previous such breaches are any indicator the incident may have involved stolen credentials used to remotely administer affected point-of-sale systems. In June 2014, POS vendor Information Systems & Supplies Inc.notified (PDF) customers that a breach of its Log-Me-In account exposed credit card data of stores that used its systems for nearly two months last year.

With remote access to point-of-sale devices, crooks can then upload card-stealing malicious software to the POS terminals. The stolen card data is quite valuable — typically selling for anywhere from $20 to $100 per card on underground cybercrime stores. Crooks can encode the stolen card data onto anything with a magnetic stripe and use the counterfeit cards to buy high-dollar merchandise at big box stores.

It seems quite likely that we’ll hear about additional breaches at POS vendors in the weeks ahead. KrebsOnSecurity is currently in the process of tracking down the common thread behind what appear to be breached POS vendors tied to three different major cities around the country.

Australia has been called out as the world’s piracy capital for several years, a claim that eventually captured the attention of the local Government.

After negotiations between ISPs and entertainment companies bore no fruit, authorities demanded voluntary anti-piracy measures from Internet providers. If that failed, the Government threatened to tighten the law.

Faced with an ultimatum the telecoms body Communications Alliance published a draft proposal on behalf of the ISPs, outlining a three-strikes notification system.

Titled ‘Copyright Notice Scheme Industry Code‘, the proposal suggests that ISPs start to forward infringement notices to their subscribers. After the initial notice subscribers are warned that copyright holders may go to court to obtain their identities.

Several groups have voiced their concerns in response. Australia’s leading consumer group Choice, for example, warns over the potential for lawsuits and potentially limitless fines.

These threats haven’t gone unnoticed by the general public either. While the proposals have not yet been implemented, many Australians are already taking countermeasures.

Over the past two weeks many file-sharers have been seeking tools to hide their IP-addresses and bypass the proposed monitoring system. By using VPN services or BitTorrent proxies their sharing activities can no longer be linked to their ISP account, rendering the three-strikes system useless.

Data from Google trends reveals that interest in anonymizing services has surged, with searches for “VPN” nearly doubling in recent days. This effect, shown in the graph below, is limited to Australia and appears to be a direct result of the ISPs proposals.

Google searches for VPN in Australia

TF spoke to several VPN providers who noticed an increase in both traffic and sales from down under. TorGuard, a VPN and BitTorrent proxy provider, saw the number of Australian visitors and subscribers increase significantly, as seen in the traffic graph below.

“TorGuard has seen a steady increase in Australian subscribers and this new surge of users shows no signs of slowing. To keep up with the demand from this region we have recently added many new VPN servers in Australia, New Zealand, and Los Angeles,”

TorGuard Aussie traffic increase

Another VPN service, which preferred not to be named, also witnessed a similar spike in interest from Australians.

“We are seeing a peak in traffic and sales from Australia. In the past two weeks we saw an 88% traffic increase,” the VPN provider informed us.

These changes have to be seen in perspective of course. It’s still only a fraction of Aussie file-sharers who have taken countermeasures. However, it’s a clear signal that warnings are not the silver bullet to stop piracy.

The Aussie case is not the first time that anti-piracy measures have turned people to anonymizing tools. The same happened when the US Copyright Alert System launched, and earlier this year there was also a spike in Canada when ISPs began forwarding piracy notices.

In its latest “Out-of-Cycle Review of Notorious Markets” report the United States Trade Representative (USTR) lists some of the world’s largest file-sharing sites as venues for prolific copyright infringement.

“Commercial scale trademark counterfeiting and copyright piracy cause significant financial losses for rights holders and legitimate businesses, undermine critical U.S. comparative advantages in innovation and creativity to the detriment of American workers, and can pose significant risks to consumer health and safety,” the report begins.

It’s no surprise that The Pirate Bay is on the USTR list again this year but its first mention is framed as a success. The December 2014 raid against the famous site is quite properly noted but then subsequent references paint a confusing picture.

While the USTR correctly notes that the site eventually resumed operations at ThePirateBay.se, it also claims that the site first came back online at ThePirateBay.si “as well as under several other domain names”. This account runs counter to the actual sequence of events which were regularly documented online.

Although not mentioned specifically by name, numerous PirateBay clones also make an appearance, notably the version created by the IsoHunt.to team.

KickassTorrents is also proving to be a thorn in the side of the USTR. Now reporting that the site is based in Canada, the U.S. government notes that the site reaped the rewards of the Pirate Bay takedown in December by scooping up additional traffic. It notes that the site has had domain name difficulties recently (praising the action by the .SO registry) but concedes that the site remains fully operational.

Meta-search engine Torrentz.eu makes another appearance on the list this year but with an added twist. The USTR is now referring to the site as being part of a group called ‘Movshare Group/Private Layer’ which includes various Torrentz domains plus Putlocker.is, Nowvideo, Movshare, BitSnoop and Novamov, among others.

“This group of affiliated and extremely popular sites, with ties to Switzerland,
Netherlands, Panama, Canada, and other countries, reportedly uses multiple technologies to make available countless unauthorized copies of movies, games, music, audiobooks, software, and sporting event broadcasts,” the USTR writes.

YTS.re or YIFY as it’s still known, receives particular focus in the U.S. government report. Noting that the site has millions of visitors every month and is continuing to grow, the report makes a curious allegation – that YTS is responsible for creating Popcorn Time.

“Yts.re’s operators also created a desktop torrent streaming application called ‘Popcorn Time,’ similar to [Spanish-focused version] ‘Cuevana Storm’,” the report reads.

An interesting situation has also developed around Bulgarian torrent sites Zamunda and Arena.bg. Both sites have been present on the USTR’s list for many years and in practical terms nothing has changed in respect of the way the sites offer copyrighted material. However, the U.S. government now says that both will now be removed from the list.

“[In] recognition of Bulgarian law enforcement efforts and recent reports that the operators of these sites agreed with rights holders to remove links to unauthorized movies upon notification, the sites [have been removed],” the report reads.

Predictably the massively popular Russia-based RuTracker remains a “notorious site” this time around but the problems facing war-torn Ukraine haven’t given that country a free pass. The USTR remains concerned over the country’s approach to protecting copyright so torrent site ExtraTorrent.cc remains on the list alongside hosting site EX.ua.

A curious addition to the list is the Spain-focused EliteTorrent. Criticized for removing content following rightsholder complaints only to replace it at a later date, the site no longer exists having shut itself down in January 2015.

Cyberlockers

With millions of visitors every day, file-hosting site 4shared heads the USTR list. The government notes that the site works with rightsholders by implementing a scanning system to remove unauthorized material but apparently that’s not enough. Complaints from the music industry means that the site remains on the list this time around.

Uploaded.net, another regular feature of the USTR report, makes another appearance this time around. While claiming the site has alleged links to Switzerland and Netherlands, the U.S. government plucks figures directly from the recent and controversial NetNames cyberlocker report by claiming the site generates $6 million per year in revenues.

With Google being asked to remove close to 10 million links from ZippyShare.com, it’s little surprise that the file-hosting site is present on this year’s list.

“The site offers features that make piracy more ‘infringer friendly,’ including through accelerated downloading. Its revenues reportedly come from paid advertising, which targets the millions of users who download files from the site,” the report reads.

But despite being one of the largest sites of its type, Russia’s Rapidgator gets only a short mention, possibly due to the USTR’s belief that its popularity is declining. Social network VK or vKontakte is given much more focus, however. The USTR cautiously notes the site’s efforts to reduce infringement but concludes that much more needs to be done.

On the linking front Baixeturbo.org gets a notable mention.The site has been in operation for almost seven years and is reportedly popular with Brazilians. However, it’s hosted in the UK so should in theory be an easy site for the Police Intellectual Property Crime Unit to disrupt. Nevertheless, it remains online and features prominently in the USTR’s list.

Domain registrars

The USTR Notorious Markets report usually focused on sites and services involved in online copyright infringement, but this time around the government appears to be widening the net. For the first time legitimate companies that simply register domain names are being put under the spotlight.

“This year, USTR is highlighting the issue of certain domain name registrars. Registrars are the commercial entities or organizations that manage the registration of Internet domain names, and some of them reportedly are playing a role in supporting counterfeiting and piracy online,” the report reads.

“Some registrars..[..]…reportedly disobey court orders and other communications, including from government enforcement authorities. Some registrars apparently even advertise to the online community that they will not take action against illicit activity, presumably to incentivize registrations by owners and operators of illicit sites.”

The USTR singles out Canada-based Tucows as “an example of a registrar that fails to take action when notified of its clients’ infringing activity. Consistent with the discussion above, USTR encourages the operators of Tucows to work with relevant stakeholders to address complaints,” the USTR writes.

Successes

In common with previous years the report begins with a short summary of successes. Spanish site Seriesyonkis.com and Blu-ray ripping software vendor Aiseesoft were commended for their positive actions and with some reservations noted, Chinese site Xunlei was removed from the latest list.

Action taken against the German-based linking site Boerse.bz was also deemed worthy of a mention but its resurrection as Boerse.to was relegated to a fine-print footnote.

Putlocker.com, a site reportedly targeted by law enforcement in 2012 and 2013 (later rebranding to FireDrive in 2014) has also been removed from the list. The USTR notes that the site may not have completely mended its ways but since traffic has dropped dramatically the site has lost its “notorious” status.

Conclusion

While there are no real surprises in the report, the addition of domain registrars is a notable development. Expect this element to grow in future editions and for the cat and mouse game with most other sites to continue.

By now most Internet users are well aware of the fact that pretty much every step they take on the Internet is logged or monitored.

To prevent their IP-addresses from being visible to the rest of the Internet, millions of people have signed up to a VPN service. Using a VPN allows users to use the Internet anonymously and prevent snooping.

Unfortunately, not all VPN services are as anonymous as they claim, as several incidents have shown in the past.

By popular demand we now present the fourth iteration of our VPN services “logging” review. In addition to questions about logging practices, we also asked VPN providers about other privacy sensitive policies, so prospective users can make an informed decision.

—

1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?

2. Under what jurisdiction(s) does your company operate?

3. What tools are used to monitor and mitigate abuse of your service?

4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users?

5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?

6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened?

7. Does your company have a warrant canary or a similar solution to alert customers to gag orders?

8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

9. Which payment systems do you use and how are these linked to individual user accounts?

10. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches” if a connection drops and DNS leak protection?

11. Do you use your own DNS servers? (if not, which servers do you use?)

12. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located?

—

Below is the list of responses we received from various VPN providers, in their own words. In some cases we asked for further clarification. VPN providers who keep logs for longer than 7 days were excluded, and others who simply failed to respond.

Please note that several VPN companies listed here do log to some extent. We therefore divided the responses into a category of providers who keep no logs (page 1/2) and one for who keep usage and/or session logs (page 3). The order of the VPNs within each category holds no value.

We are also working on a convenient overview page as well as dedicated review pages for all providers, with the option for users to rate theirs and add a custom review. These will be added in the near future.

VPNs That keep No Logs

1. We do not log, period. This includes, but is not limited to, any traffic data, DNS data or meta (session) data. Privacy IS our policy.

2. We choose to operate in the US in order to provide no logging service, as there is no mandatory data retention law in the US. Additionally, our beloved clients are given access to some of the strongest consumer protection laws, and thus, are able to purchase with confidence.

3. We do not monitor our users, period. That said, we have a proprietary system in place to help mitigate abuse.

4. We utilize SendGrid as an external mailing system and encourage users to create an anonymous e-mail when signing up depending on their adversarial risk level. Our support system is in-house as we utilize Kayako.

5. We have a proprietary system in place that allows us to comply in full with DMCA takedown notices without disrupting our users’ privacy. Because we do not log our users’ activities in order to protect and respect their privacy, we are unable to identify particular users that may be infringing the lawful copyrights of others.

6. We do not log and therefore are unable to provide information about any users of our service. We have not, to date, been served with a valid court order that has required us to provide something we do not have.

7. We do not have a warrant canary in place at this time as the concept of a warrant canary is, in fact, flawed at this time, or in other words, is “security theater.”

8. We do not attempt to filter, monitor, censor or interfere in our users’ activity in any way, shape or form. BitTorrent is, by definition, allowed.

9. We utilize a variety of payment systems including, but not limited to, PayPal, Stripe, Amazon, Google, Bitcoin, Stellar, CashU, Ripple, Most Major Store Bought Gift card, PIA Gift cards (available in retail stores for “cash”), and more. We utilize a hashing system to keep track of payments and credit them properly while ensuring the strongest levels of privacy for our users.

10. The most secure VPN connection and encryption algorithm that we would recommend to our users would be our suite of AES-256, RSA 4096 and SHA1 or 256. However, AES-128 should still be considered quite safe. For users of Private Internet Access specifically, we offer addon tools to help ensure our beloved clients’ privacies including:

– Kill Switch : Ensures that traffic is only routed through the VPN such that if the VPN connection is unexpectedly terminated, the traffic would simply not be routed.
– IPv6 Leak Protection : Protects clients from websites which may include IPv6 embeds which could leak IPv6 IP information.
– DNS Leak Protection : This is built in and ensures that DNS requests are made through the VPN on a safe, private no-log DNS daemon.
– Shared IP System : We mix clients’ traffic with many clients’ traffic through the use of an anonymous shared-IP system ensuring that our users blend in with the crowd.

11. We are currently using our own DNS caching.

12. We utilize third party datacenters that are operated by trusted friends and, now, business partners who we have met and completed our due diligence on. Our servers are located in: USA, Canada, UK, Switzerland, Amsterdam, Sweden, Paris, Germany, Romania, Hong Kong, Israel, Australia and Japan. We have over 2,000 servers deployed at the time of writing with over 1,000 in manufacture/shipment at this time.

1. No logs are kept whatsoever. TorGuard does not store any traffic logs or user session data on our network because since day one we engineered every aspect of the operation from the ground up, permitting us full control over the smallest details. In addition to a strict no logging policy we run a shared IP configuration that provides an added layer of anonymity to all users. With hundreds of active sessions sharing a single IP address at any given time it becomes impossible to back trace usage.

2. At the time of this writing our headquarters currently operates from the United States. Due to the lack of data retention laws in the US, our legal team has determined this location to be in the best interest of privacy for the time being. Although TorGuard’s HQ is in the US, we take the commitment to user privacy seriously and will uphold this obligation at all costs, even if it means transferring services or relocating company assets.

3. Our network team uses a combination of open source monitoring apps and custom developed tools to mitigate any ongoing abuse of our services. This allows us to closely monitor server load and uptime so we can pinpoint and resolve potential problems quickly. If abuse reports are received from an upstream provider, we block them in real-time by employing various levels of firewall rules to large blocks of servers. Should these methods fail, our team is quick to recycle entire IP blocks and re-deploy new servers as a last resort.

4. For basic troubleshooting and customer service purposes we utilize Livechatinc for our chat support. TorGuard staff does make use of Google Apps for company email, however no identifying client information like passwords, or billing info is ever shared among either of these platforms. All clients retain full control over account changes in our secure member’s area without any information passing through an insecure channel.

5. Because we do not host any content it is not possible for us to remove anything from a server. In the event a DMCA notice is received it is immediately processed by our abuse team. Due to our shared network configuration we are unable to forward any requests to a single user. In order to satisfy legal requirements from bandwidth providers we may temporarily block infringing protocols, ports, or IPs.

6. If a court order is received, it is first handled by our legal team and examined for validity in our jurisdiction. Should it be deemed valid, our legal representation would be forced to further explain the nature of a shared IP configuration and the fact that we do not hold any identifying logs. No, we remain unable to identify any active user from an external IP address and time stamp.

7. No, at this time we do not have a warrant canary.

8. Yes, TorGuard was designed with the BitTorrent enthusiast in mind. P2P is allowed on all servers, although for best performance we suggest using locations that are optimized for torrents. Users can find these servers clearly labeled in our VPN software.

9. We currently accept over 200 different payment options through all forms of credit card, PayPal, Bitcoin, altcoins (e.g. dogecoin, litecoin + more), Paysafecard, Alipay, CashU, Gift Cards, and many other methods. No usage can be linked back to a billing account due to the fact that we maintain zero logs across our network.

10. For best security we advise clients to use OpenVPN connections only and for encryption use AES256 with 2048bit RSA. Additionally, TorGuard VPN offers “Stealth” protection against DPI (Deep Packet Inspection) interference from a nosey ISP so you can access the open web freely even from behind the Great Firewall of China. These options are available on select locations and offer excellent security due to the cryptography techniques used to obfuscate traffic. Our VPN software uses OpenVPN exclusively and features built in DNS leak protection, an App Killswitch, and a connection Killswitch. We have also just released a built in WebRTC leak block feature for Windows Vista/7/8 users.

11. Yes, we offer private, no log DNS servers which can be obtained by contacting our support desk. By default we also use Google DNS and OpenDNS for performance reasons on select servers.

12. TorGuard currently maintains 1000+ servers in over 44 countries around the world and we continue to expand the network every month. We retain full physical control over all hardware and only seek partnerships with data centers who can meet our strict security criteria. All servers are deployed and managed exclusively by our in house networking team via a single, secure key. We have servers in Australia, Belgium, Brazil, Canada, China, Costa Rica, Czech Republic, Denmark, Egypt, Finland, France, Germany, Greece, Hong Kong, Iceland, India, Indonesia, Ireland, Italy, Japan, Korea, Latvia, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Panama, Poland, Portugal, Romania, Russia, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Tunisia, Turkey, United Kingdom, USA, and Vietnam.

1. IPVanish has a zero-log policy. We keep NO traffic logs on any customer, ever.

2. IPVanish is headquartered in the US and thus operates under US law.

3. IPVanish monitors CPU utilization, bandwidth and connection counts. When thresholds are passed, a server may be removed from rotation as to not affect other users.

4. IPVanish does not use any external support tools that hold user information. We do, however, operate an opt-in newsletter that is hosted at Constant Contact. Customers are in no way obligated to sign up for the newsletter.

5. IPVanish keeps no logs of any user’s activity and responds accordingly.

6. IPVanish, like every other company, follows the law in order to remain in business. Only US law applies.

7. No.

8. P2P is permitted. IPVanish does not block or throttle any ports, protocols, servers or any type of traffic whatsoever.

9. Bitcoin, PayPal and all major credit cards are accepted. Payments and service use are in no way linked. User authentication and billing info are also managed on completely different and independent platforms.

10. We recommend OpenVPN with 256 bit AES as the most secure VPN connection and encryption algorithm. IPVanish’s service and software also currently provide DNS leak prevention. We are developing a kill switch in upcoming releases of our software.

11. IPVanish does use its own DNS servers. Local DNS is handled by the server a user connects to.

12. IPVanish is one of the only tier-1 VPN networks, meaning we own and operate every aspect of our VPN platform, including physical control of our VPN servers. This gives IPVanish users security and speed advantages over other VPN services. IPVanish servers can be found in over 60 countries including the US, UK, Canada, Netherlands and Australia.

1. No, this is fundamental to the service we provide. It is also in our interests not to do so as it minimizes our own liability.

2. Gibraltar. In 2014 we decided to move the company from Malta to Gibraltar in light of the new 2015 EU VAT regulations which affect all VPN service providers based in the EU. The EU VAT regulations now require companies to collect two pieces of non-conflicting evidence about the location of a customer; this would be at a minimum the customer’s physical address and IP address.

3. We have built a number of bespoke systems over the last 5 years as we’ve encountered and addressed most types of abuse. At a high level we use Zabbix, an open-source monitoring tool that alerts us to incidents. As examples we have built an anti-spam rate-limiter based on iptables so we don’t have to block any email ports and forked a tool called PSAD which allows us to detect attacks originating from our own network in real time.

4. No. We made a strategic decision from the beginning that no company or customer data would ever be stored on 3rd party systems. Our customer support software, email, web analytics (Piwik), issue tracker, monitoring servers, code repo’s, configuration management servers etc. all run on our own dedicated servers that we setup, configure and manage.

5. Our legal department sends a reply stating that we do not store content on our servers and that our VPN servers act only as a conduit for data. In addition, we never store the IP addresses of customers connected to our network nor are we legally required to do so.

6. That would depend on the information with which we were provided. If asked to identify a customer based on a timestamp and/or IP address then we would reply factually that we do not store this information, so we are unable to provide it. If they provide us with an email address and asked for the customer’s identity then we reply that we do not store any personal data, we only store a customer’s email address. If the company were served with a valid court order that did not breach the Data Protection Act 2004 we could only confirm that an email address was or was not associated with an active account at the time in question. We have never been served with a valid court order.

8. Yes, we don’t block BitTorrent or any other protocol on any of our servers. We do kindly request that our customers use non-USA based exit servers for P2P. Any company receiving a large number of DMCA notices is exposing themselves to legal action and our upstream providers have threatened to disconnect our servers in the past.

9. We accept Bitcoin, Cash and Paypal. When using cash there is no link to a user account within our system. When using Bitcoin, we store the Bitcoin transaction ID in our system. If you wish to remain anonymous to IVPN you should take the necessary precautions when purchasing Bitcoin (See part 7 of our advanced privacy guides). With Paypal we store the subscription ID in our system so we can associate incoming subscription payments. This information is deleted immediately when an account is terminated.

10. We provide RSA-4096 / AES-256 with OpenVPN, which we believe is more than secure enough for our customers’ needs. If you are the target of a state level adversary or other such well-funded body you should be far more concerned with increasing your general opsec than worrying about 2048 vs 4096 bit keys. The IVPN client offers an advanced VPN firewall that blocks every type of IP leak possible (DNS, network failures, WebRTC STUN, IPv6 etc.). It also has an ‘always on’ mode that will be activated on boot before any process on the computer starts. This will ensure than no packets are ever able to leak outside of the VPN tunnel.

11. Yes. Once connected to the VPN all DNS requests are sent to our pool of internal recursive DNS servers. We do not use forwarding DNS servers that forward the requests to a public DNS server such as OpenDNS or Google.

12. We use dedicated servers leased from 3rd party data centers in each country where we have a presence. We employ software controls such as full disk encryption and no logging to ensure that if a server is ever seized it’s data is worthless. We also operate a multi-hop network so customers can choose an entry and exit server in different jurisdictions to make the adversaries job of correlating the traffic entering and exiting our network significantly more complicated. We have servers located in Switzerland, Germany, Iceland, Netherlands, Romania, France, Hong-Kong, USA, UK and Canada.

1.We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user of our service. The only thing we log are e-mails and user names but it’s not possible to bind an activity on the Internet to a user on PrivateVPN.

2. We operate in Swedish jurisdiction.

3. If there’s abuse, we advise that service to block our IP in the first instance, and second, we can block traffic to the abused service.

4. No. We use a service from Provide Support (ToS) for live support. They do not hold any information about the chat session. From Provide support: Chat conversation transcripts are not stored on Provide Support chat servers. They remain on the chat server for the duration of the chat session, then optionally sent by email according to the user account settings, and then destroyed.

5. This depends on the country in which we’re receiving a DMCA takedown. For example, we’ve received a DMCA takedown for UK and Finland and our response was to close P2P traffic in those countries.

6. If we get a court order to monitor a specific IP then we need to do it, and this applies to every VPN company out there.

7. We’re working on a solution where we publish a statement that we haven’t received legal process. One we receive a legal process, this canary statement is removed.

8. Yes, we allow Torrent traffic.

9. PayPal, Payson, 2Chrckout and Bitcoin. Every payment has an order number, which is linked to a user. Otherwise we wouldn’t know who has made a payment. To be clear, you can’t link a payment to an IP address you get from us.

10. OpenVPN TUN with AES-256. On top is a 2048-bit DH key. For our Windows VPN client, we have a feature called “Connection guard”, which will close a selected program(s) if the connection drop. We have no tools for DNS leak but we’re working on a protection that detects the DNS leak and fixes this by changing to a secure DNS server.

1. No. This would make both us and our users more vulnerable so we certainly don’t. To make it harder to watch the activities of an IP address from the outside we also have many users sharing addresses, both for IPv4 and IPv6.

2. Swedish.

3. We don’t monitor our users. In the rare cases of such egregious network abuse that we can’t help but notice (such as DoS attacks) we stop it using basic network tools.

4. We do use external providers and encourage people sending us email to use PGP encryption, which is the only effective way to keep email somewhat private. The decrypted content is only available to us.

5. There is no such Swedish law that is applicable to us.

6. We get requests from governments from time to time. They never get any information about our users. We make sure not to store sensitive information that can be tied to publicly available information, so that we have nothing to give out. We believe it is not possible in Swedish law to construct a court order that would compel us to actually give out information about our users. Not that we would anyway. We started this service for political reasons and would rather discontinue it than having it work against its purpose.

7. Under current Swedish law there is no way for them to force us to secretly act against our users so a warrant canary would serve no purpose. Also, we would not continue to operate under such conditions anyway.

8. Yes.

9. Bitcoin (we were the first service to accept it), cash (in the mail), bank transfers, and PayPal / credit cards. Payments are tied to accounts but accounts are just random numbers with no personal information attached that users can create at will. With the anonymous payments possible with cash and Bitcoin it can be anonymous all the way.

10. OpenVPN (using the Mullvad client program). Regarding crypto, ideally we would recommend Ed25519 for certificates, Curve25519 for key exchange (ECDHE), and ChaCha20-Poly1305 for data streams but that suite isn’t supported by OpenVPN. We therefore recommend and by default use RSA-2048, D-H (DHE) and AES-256-CBC-SHA. We have a “kill switch,” DNS leak protection and IPv6 leak protection (and IPv6 tunnelling).

11. Yes, we use our own DNS servers.

12. We have a range of servers. From on one end servers lovingly assembled and configured by us with ambitious physical security in data centers owned and operated by people we trust personally and whose ideology we like. On the other end rented hardware in big data centers. Which to use depends on the threat model and performance requirements. Currently we have servers hosted by GleSYS Internet Services, 31173 Services and Leaseweb in Sweden, the Netherlands, USA and Germany.

2. Malaysia. This may change in the near future and we will post an announcement when this is confirmed.

3. We do monitor general traffic patterns to see if there is any unusual activity that would warrant a further investigation.

4. We use ZenDesk and Zopim but are moving to use OSTicket which is open source. This should happen in the next 1-2 months.

5. Generally we work with the providers to resolve the issue and we have never given up any of our customer information. Generally we terminate our relationship with the provider if this is not acceptable. Our US servers under DMCA jurisdiction or UK (European equivalent) have P2P locked down.

6. This has not happened yet but we do not keep any user logs so there is not much that can be provided especially if the payment is via an anonymous channel. One of our founders is a lawyer so such requests will be examined on their validity and we will resist such requests if done without proper cause or legal backing.

8. Yes it is allowed except on those marked Surfing-Streaming only which are restricted either due to the provider’s policies or limited bandwidth.

9. We use MolPay, PayPal, Coinbase, Coinpayments and direct deposits. On our system it is only marked with the Invoice ID, the account it’s for, the method of payment and whether it’s paid or not. We however of course do not have control of what is stored with the payment providers.

10. Our Cloak configurations implement 256 bit AES and a SHA-512 HMAC combined with a scrambling obfuscation layer. We do have a lock down/kill switch feature and DNS leak protection.

11. Yes we do use our own DNS servers.

12. Our VPN servers are hosted by third parties however for competitive reasons, we rather not mention our providers (not that it would be hard to find out with some digging). However none of these servers hold anything sensitive as they are authenticated purely using PKI infrastructure and as long as our users regularly update their configurations they should be fine. We do however have physical control over the servers that handle our customer’s information.

1. Do we keep logs? What is that? Seriously, we have a strict no-logs policy over our customers. The only information we keep is customers’ e-mail addresses which are needed for our service registration (we keep the e-mail addresses until the customer closes the account).

2. NordVPN is based out of Panama.

3. No tools are used to monitor our customers in any case. We are only able to see the servers’ load, which helps us optimize our service and provide the best possible Internet speed to our users.

4. We use the third-party live support tool, but it is not linked to the customers’ accounts.

5. When we receive any type of legal notices, we cannot do anything more than to ignore them, simply because they have no legal bearing to us. Since we are based in Panama, all legal notices have to be dealt with according to Panamanian laws first. Luckily they are very friendly to Internet users.

6.If we receive a valid court order, firstly it would have to comply with the laws of Panama. In that case, the court settlement should happen in Panama first, however were this to happen, we would not be able to provide any information because we keep exactly nothing about our users.

7. We do not have a warrant canary or any other alert system, because as it was mentioned above, we operate under the laws of Panama and we guarantee that any information about our customers will not be distributed to any third party.

8. We do not restrict any BitTorrent or other file-sharing applications on most of our servers.

9. We accept payments via Bitcoin, Credit Card, PayPal, Banklink, Webmoney (Paysera). Bitcoin is the best payment option to maintain your anonymity as it has only the paid amount linked to the client. Users who purchase services via PayPal are linked with the usual information the seller can see about the buyer.

10. We have high anonymity solutions which we would like to recommend to everyone seeking real privacy. One of them is Double VPN. The traffic is routed through at least two hoops before it reaches the Internet. The connection is encrypted within two layers of cipher AES-256-CBC encryption. Another security solution – Tor over VPN. Firstly, the traffic is encrypted within NordVPN layer and later sent to the Tor network and exits to the Internet through one of the Tor exit relays. Both of these security solutions give a great encryption and anonymity combination. The benefit of using these solutions is that the chances of being tracked are eliminated. In addition, you are able to access .onion websites when connected to Tor over VPN. Furthermore, our regular servers have a strong encryption which is 2048bit SSL for OpenVPN protocol, AES-256bit for L2TP.

In addition to that, we have advanced security solutions, such as the “kill switch” and DNS leak protection which provide the maximum possible security level for our customers.

11. NordVPN has its own DNS servers, also our customers can use any DNS server they like.

1. We don’t keep any logs with IP addresses. The only information we save is an email. It’s impossible to connect specific activity to a user.

2. Our company is under Seychelles jurisdiction.

3. We do not monitor any user’s traffic or activity for any reason.

4. We use third-party solutions for user communications and emailing. Both are running on our servers.

5. We have small amount of abuses. Usually we receive them through email and all of them are bot generated. As we don’t keep any content we just answer that we don’t have anything or ignore them.

6. It has never happened for 8 years. We will ignore any requests from all jurisdiction except Seychelles. We have no information regarding our customers’ IP addresses and activity on the Internet.

7. No, we don’t bother our users.

8. Yes we support all kind of traffic on all servers.

9. We are using PayPal but payment as a fact proves nothing. Also we are going to expand our payment types for the crypto currencies in the nearest future.

10. We are recommending to use the most simple and secure way — OpenVPN with AES-256 encryption. To protect the torrent downloads we suggest to create a proxy SSH tunnel for your torrent client. In this case you are encrypting only your P2P connection when your browser or Skype uses your default connection. When using standard VPN in case of disconnection your data flows unencrypted. Implementing our SSH tunnel will save from such leaking cause traffic will be stopped.

11. Yes. We are using our own DNS servers.

12. We use third party datacenters for VPN and SSH data transmission in the USA, UK and Netherlands. The whole system is located on our own servers.

2. Republic of Seychelles. And of course, every jurisdiction where each of our servers are, for their specific cases.

3. IPtables, TCPdump and Wireshark, for which their use is always informed at least 24 hours in advance via our Network Alerts and/or Transparency Report.

4. All our emails, panels and support are in-house. We host our own WHMCS instance for billing and support. We host server details, project management and financial management on Redmine that we of course self-run. The only third-party connections we have are Google Analytics and Google Translate on our public website (not panel), for obvious convenience gains, but the data they fetch can easily be hidden or faked. We may also sometimes route email through Mandrill but never with user information. We also have our OpenVPN client’s code hosted at Github, but this is because we are preparing to open source it.

5. We block the affected port and explain to upstream provider and/or complainant that we cannot identify the user who did the infringement, and we can therefore not pass the notice on. We also publish a transparency report and send a copy to the Chilling Effects Clearinghouse. If there are too many infringements, we may block all ports and strengthen firewall rules to satisfy upstream provider, but this may lead us to simply drop the server on short-term due to it becoming unusable.

6. We first post the court order to public and inform our users through our blog, much-followed Twitter account, transparency report and/or network alert. If we are unable to do so, we use our warrant canary. Then, we would explain to the court that we have no technical capacity to identify the user and we are ready to give access to competent and legitimate forensic experts. To this date, no valid court order has been received and acknowledged by us.

7. Yes, proxy.sh/canary.

8. We do not discriminate activity across our network. We are unable to decrypt traffic to differentiate file-sharing traffic from other activities, and this would be against our ethics anyway. The use of BitTorrent and similar is solely limited to the fact you can whether open/use the ports you wish for it on a selected server.

9. We support hundreds of payment methods, from PayPal to Bitcoin through SMS to Ukash and Paysafecard. We use third-party payment providers who handle and carry themselves the payments and the associated user information needed for them (e.g. a name with a credit card). We never have access to those. When we need to identify a payment for a user, we always need to ask him or her for references (to then ask the payment provider if the payment exists) because we do not originally have them. Last but not least, we also have an option to kill accounts and turn them into completely anonymous tokens with no panel or membership link at all, for the most paranoid customers (in the positive sense of the term).

10. We currently provide Serpent in non-stable & limited beta and it is the strongest encryption algorithm we have. We also openly provide to our experienced users ECDH curve secp384r1 and curve22519 through a 4096-bit Diffie-Hellman key. We definitely recommend such a setup but it requires software compiling skills (you need OpenVPN’s master branch). This setup also allows you to enjoy OpenVPN’s XOR capacity for scrambling traffic. We also provide integration of TOR’s obfsproxy for similar ends. Finally, for more neophyte users, we provide 4096-bit RSA as default standard. It is the strongest encryption that latest stable OpenVPN provides. Cipher and hash are the strongest available and respectively 256-bit CBC/ARS and SHA512. Our custom OpenVPN client of course provides a kill switch and DNS leak protection.

11. Yes, we provide our own OpenNIC DNS servers as well as DNSCrypt capacity.

12. We use a mix of collocation (physically-owned), dedicated and virtual private servers – also known as a private/public cloud combination. All our VPN servers are running from RAM and are disintegrated on shutdown or reboot. About two-third of them are in the public cloud (especially for most exotic locations). Our network spans across more than 40 countries.

1. We have revised our policy. Currently we store no logs related to any IP address. There is no way for any third-party to match user IP to any specific activity in the internet.

2. We operate under US jurisdiction.

3. We would have to get into details of each individual point of our ToS. For basics like P2P and torrent traffic on servers that do not allow for such transmissions or connecting to more than three VPN servers at the same time by the same user account. But we do not monitor users’ traffic. Also, since our users use shared IP address of VPN server, there is no way any third party could connect any online activity to a user’s IP address.

4. We are using Google apps for incoming mail and our own mail server for outgoing mail.

5. Since no information is stored on any of our servers there is nothing that we can take down. We reply to the data center or copyright holder that we do not log our users’ traffic and we use shared IP-addresses, which make impossible to track who downloaded any data from the internet using our VPN.

6. We would reply that we do not have measures that would us allow to identify a specific user. It has not happened so far.

7. Currently not. We will consider if our customers would welcome such a feature. So far we have never been asked for such information.

8. This type of traffic is welcomed on our German (DE VPN) and Dutch (NL VPN) servers. It is not allowed on US, UK and Canada servers as stated in our ToS – reason for this is our agreements with data centers. We also have a specific VPN plan for torrents.

10. We would say SoftEther VPN protocol looks very promising and secure. Users can currently use our VPN applications on Windows and OSX systems. Both versions have a “kill switch” feature in case connection drops. Also, our apps are able to re-establish VPN connection and once active restart closed applications.

Currently our software does not provide DNS leak protection. However a new version of VPN client is in the works and will be updated with such a feature. We can let you know once it is out. At this time we can say it will be very soon.

11. For VPN we use Google DNS servers, and for SmartDNS we use our own DNS servers.

12. We don’t have physical control of our VPN servers. Servers are outsourced in premium datacenters with high quality tier1 networks. Countries now include – US/UK/NL/DE/CA

2. We operate a complex business structure with multiple layers of Offshore Holding Companies, Subsidiary Holding Companies, and finally some Operating Companies to help protect our interests. We will not disclose the exact hierarchy of our corporate structures, but will say the main marketing entity for our business is based in the United States of America and an operational entity is based out of Nevis.

3. We do not monitor any customer’s activity in any way. We have chosen to disallow outgoing SMTP which helps mitigate SPAM issues.

4. No. We do utilize third party email systems to contact clients who opt in for our newsletters.

5. If a valid DMCA complaint is received while the offending connection is still active, we stop the session and notify the active user of that session, otherwise we are unable to act on any complaint as we have no way of tracking down the user. It is important to note that we ALMOST NEVER receive a VALID DMCA complaint while a user is still in an active session.

6. Our customer’s privacy is of top most importance to us. We are required to comply with all valid court orders. We would proceed with the court order with complete transparency, but we have no data to provide any court in any jurisdiction. We would not rule out relocating our businesses to a new jurisdiction if required.

7. Yes. We maintain a passive warrant canary, updated weekly, and are investigating a way to legally provide a passive warrant canary which will be customized on a “per user” basis, allowing each user to check their account status individually. It is important to note that the person(s) responsible for updating our warrant canary are located outside of any of the countries where our servers are located.

8. Yes, all traffic is allowed.

9. We accept PayPal, Credit Cards, Bitcoin, Cash, and Money Orders. We keep user authentication and billing information on independent platforms. One platform is operated out of the United States of America and the other platform is operated out of Nevis. We offer the ability for the customer to permanently delete their payment information from our servers at any point. All customer data is automatically removed from our records shortly after the customer ceases being a paying member.

10. We recommend using OpenVPN if at all possible (available for Windows, Apple, Linux, iOS, Android) and it uses the AES-256-CBC algorithm for encryption.

Our Windows and Mac client incorporates IP and DNS leak protection which prevents DNS leaks and provides better protection than ordinary ‘kill-switches’. Our IP leak protection proactively keeps your IP from leaking to the internet. This was one of the first features we discussed internally when we were developing our network, it is a necessity for any good VPN provider.

11. Yes.

12. We run a mix. We physically control some of our server locations where we have a heavier load. Other locations are hosted with third parties until we have enough traffic in that location to justify racking our own server setup. To ensure redundancy, we host with multiple providers in each location. We have server locations in over forty countries. In all cases, our network nodes load over our encrypted network stack and run from ramdisk. Anyone taking control of the server would have no usable data on the disk. We run an algorithm to randomly reboot each server on a regular basis so we can clear the ramdisk.

1. No. We cannot locate an individual user by IP address and timestamp. There are no logs written to disk on our gateways.

The gateway servers keep the currently authenticated customers in the server’s RAM so they can properly connect and route incoming traffic to those customers. Obviously, if a server is powered down or restarted, the contents of the RAM are lost. We keep gateway performance data such as CPU loading, I/O rates and maximum simultaneous connections so that we can manage and optimize our network.

2. We operate two independent companies with different ownership structures – a network operations company and a marketing company. The network operations company operates out of Nevis. The marketing company operates under US jurisdiction and manages the website, customer accounts and support. The US company has no access to network operations and the Nevis company has no customer account data.

3. We are not in the business of monitoring customer traffic in any way. Spam emails were our biggest issue and early on we decided to prevent outgoing SMTP. Otherwise, the only other abuse tools we use are related to counting the number of active connections authenticated on an account to control account sharing issues. We use a NAT firewall on incoming connections to our gateways to add an extra layer of security for our customers.

4. No. We do use a service to send generic emails.

5. Due to the structure of our network operations company, it is unusual that we would receive a notice. There should be no cause for the marketing company to receive a notice. If we receive a DMCA notice or its equivalent based on activity that occurred in the past, we respond that we do not host any content and have no logs.

If we receive a DMCA notice based on very recent activity and the customer’s current VPN session during which it was generated is still active on the gateway, we may put the account on hold temporarily and notify the customer. No customer data is used to respond to DMCA notices.

6. Our customers’ privacy is a top priority for us. We would proceed with a court order with complete transparency. A court order would likely be based on an issue traced to a gateway server IP address and would, therefore, be received by our our network operations company which is Nevis based. The validity of court orders from other countries would be difficult to enforce. The network company has no customer data.

Our marketing company is US based and would respond to an order issued by a court of competent jurisdiction. The marketing company does not have access to any data related to network operations or user activity, so there is not much information that a court order could reveal. This has not happened.

7. We are discussing internally and reviewing existing law related to how gag orders are issued to determine the best way to offer this measure of customer confidence.

8. Yes. We operate with network neutrality except for outgoing SMTP.

9. Bitcoin and other cryptocurriences such as Darkcoin, Credit/Debit Card, and PayPal. If complete payment anonymity is desired, we suggest using Bitcoin, DarkCoin, or a gift/disposable credit card. Methods such as PayPal or Credit/Debit card are connected to an account token so that future renewal payments can be properly processed and credited. We allow customers to edit their account information. With our US/Nevis operating structure, customer payment systems information is separate from network operations.

10. We recommend using the AES-256-CBC cipher with OpenVPN, which is used with our client. IPSec is available for native Apple device support and PPTP is offered for other legacy devices, but OpenVPN offers the best security and speed and is our recommended protocol

We provide both DNS and IP leak protection in our Windows and Mac OctaneVPN client. Our OpenVPN based client’s IP leak protection works by removing all routes except the VPN route from the device when the client has an active VPN connection. This a better option than a ‘kill switch’ because our client ensures the VPN is active before it allows any data to leave the device, whereas a ‘kill switch’ typically monitors the connection periodically, and, if it detects a drop in the VPN connection, reacts.

11. Yes and we physically control them. You can choose others if you prefer.

12. In our more active gateway locations, we colocate. In locations with lower utilization, we normally host with third parties until volume at that location justifies a physical investment there. The hosted locations may have different providers based on geography. We operate gateways in over 44 countries and 90 cities. Upon booting, all our gateways load over our encrypted network from a master node and operate from encrypted ramdisk. If an entity took physical control of a gateway server, the ramdisk is encrypted and would vanish upon powering down.

While Hollywood would’ve liked it to remain a secret, news that the majority of Oscar contenders were available online just a day after the Academy’s announcement traveled fast.

In anticipation of this eventuality, at the turn of the year piracy monitoring firm Irdeto began tracking dozens of top movies in order to compare the number of downloads before and after the Oscar nominations were made public. Some of the numbers just revealed by the company are eye-watering.

After monitoring from January 1 through February 14, Irdeto found that there was a 385% increase in piracy of nominated films following the Academy’s announcement on January 15.

“While Gone Girl was the early frontrunner after nominations, American Sniper took the lead and is currently the most pirated film in the world post-nomination,” Irdeto reveals.

As the chart below shows, the majority of nominees had download numbers boosted between 161% and 230%, but clearly out in front is Selma with a 1033% uplift.

In terms of pure downloads, however, the Martin Luther King movie isn’t an Oscar high-flyer. Despite the huge boost in interest after nomination day, Selma sits in 10th place well behind piracy leaders American Sniper and Gone Girl.

Of course, the big question now is whether popularity on BitTorrent networks will be mirrored in the final Oscars ceremony. Ranking movies based on downloads since January 15 in the categories they were nominated, Irdeto predicts the winners as follows:

Best Picture: American Sniper (1.39m)

Best Actor: Bradley Cooper, American Sniper (1.39m)

Best Director: Alejandro González Iñárritu, Birdman (796.7K)

Best Actress: Rosamund Pike, Gone Girl (1.25m)

Hollywood’s own leaks contributed to the piracy problem

While the Oscar-nominated movies now available online come from a wide variety of sources including Blu-ray, DVD (34% combined) and Cams (11%), Irdeto’s study highlights the problems the Academy has with its own leaks. Handed out to voters, critics and others in the industry, screeners are the most prized source for online booty. And this year there were plenty of them.

“Hollywood screeners specifically accounted for a substantial 31% of the total illegal downloads tracked between January 15 and February 14,” Irdeto reveals.

“Six nominated movies currently unavailable for retail purchase on Blu-Ray, DVD, VOD or legal streaming/download sites saw the majority of piracy coming directly from these screeners: American Sniper, The Imitation Game, Wild, Selma, Whiplash and Still Alice.”

While noting that not every download is a lost sale, the anti-piracy company still believes that an estimated $40m could have been lost on these titles alone, simply because they weren’t made available legally to consumers.

Release windows

“Our data clearly shows that the rest of the world is paying attention to the Academy Awards and there is significant demand for new movies to be available earlier, in more geographies and over more platforms,” says Rory O’Connor, VP of Managed Services at Irdeto.

“In the world of internet re-distribution, the window between theatrical release and worldwide market availability may simply be too long, leaving room for pirates to take advantage and offer consumers alternative means of instant gratification. Today’s consumers simply refuse to wait to access these movies through legitimate services.”

The rest of the world

Finally, outside of the United States the top ten countries accounting for the most illegal downloads were Russia, Italy, UK, Brazil, Canada, India, Australia, Spain, South Korea and the Netherlands.

And in what is bound to be yet more ammunition for the copyright lobby Down Under, the Oscar for the country with the highest percentage of piracy per Internet user population goes to….

Movie company Voltage Pictures has built quite a reputation in the past couple of years for its approach to those said to have downloaded and shared The Hurt Locker and Dallas Buyers Club without permission.

Litigation in the latter region is reaching a critical point, with Voltage affiliate Dallas Buyers Club LLC (DBCLLC) attempting to force several local ISPs (iiNet, Wideband Networks, Internode, Dodo Services, Amnet Broadband and Adam Internet) to hand over the identities of individuals said to have downloaded the movie of the same name.

The ISPs have been putting up a fight in Sydney’s Federal Court this week in order to protect their customers and thus far DBCLLC and their piracy tracking partners have been given a rocky ride.

Flown in from Germany especially for the hearing, Daniel Macek of BitTorrent monitoring outfit Maverick Eye was given a particularly hard time. On Monday under cross-examination by iiNet barrister Richard Lancaster, SC, the 30-year-old admitted that he did not prepare his own affidavit.

“It was provided [by Dallas Buyers Club],” Mr Macek said.

Since Macek was appearing as an expert witness, the revelation was pounced upon by Lancaster.

“You provide affidavits and statements in lots of litigations all around the world,” Mr Lancaster said. “Is it your practice just to sign what is put in front of you?”

During yesterday’s hearing things only appeared to get worse for Macek, as both his expertise and Maverick Eye’s evidence was called into question. The company provided “.pcap” files to the Court which contained timestamps of alleged infringements but when questioned about their contents, Macek fell short.

“Are you familiar with the information in the .pcap files themselves?” Lancaster asked Macek.

“Not in detail,” Macek admitted.

Lancaster’s questioning was aimed at casting doubt on the timings of alleged infringements logged in the Maverick Eye system. Were the times logged in the .pcap files representative of when a file was uploaded by an infringer’s computer to Maverick Eye’s system, or of a later point when further processing had occurred?

“I don’t understand this .pcap [file] in this detail,” Macek said. “I know how the Maverick software works in general but I’m not aware of the .pcap [files],” he added.

The Judge agreed with Lancaster on the importance of his questioning.

“If the IP [address] switched midway through one of these transmissions it just occurs to me that change would have some impact on your cross-examination,” Justice Perram said.

Also appearing this week was Vice-president of royalties for Voltage Pictures, Michael Wickstrom. The Voltage executive said that piracy was eating away at his company’s profits and had become far too easy. Lawsuits helped raise awareness of the problem, he said.

Under cross-examination Wednesday, Wickstrom denied that the letters sent out to customers in the United States were “threatening”, noting instead that they are a statement of facts.

“There are facts stated [in the letter] that [the customer’s] IP address was identified [as having downloaded the film illicitly],” he said.

“Any settlement amount that is disclosed [in the letter]; that was the attorney’s decision and is done on a case by case basis.”

However, while the company has no real idea of the nature of the people they’re targeting, Wickstrom said his company had limits on who would be pursued for cash demands. According to SMH, the executive said that his company “would not pursue an autistic child, people who were handicapped, welfare cases, or people that have mental issues.”

Some compassion from Voltage perhaps? Not exactly – the company seems more interested in how that would look on the PR front.

“That kind of press would ruin us,” Wickstrom said, adding that “the majority” of piracy was in fact occurring at the hands of vulnerable groups.

If that’s truly the case and any “vulnerable” people inform the company of their circumstances, Voltage stands to make very little money from their Australian venture, despite all the expense incurred in legal action thus far. Strangely, they don’t seem to mind.

“This is truly not about the money here, it’s about stopping illegal piracy,” Wickstrom said.

The International Intellectual Property Alliance (IIPA) has just published its latest submission to the U.S. Government, providing an overview of countries it believes should better protect the interests of the copyright industry.

The IIPA, which includes a wide range of copyright groups including the MPAA, RIAA, BSA and ESA, has listed its complaints against a whole host of countries. As in previous years, Canada was discussed in detail with the recommendation to put it on the 2014 Special 301 ‘watch list’.

One of the main criticisms against Canada is that the country offers a home to many pirate sites. The country recently revised its copyright law but that has done little to address this problem, IIPA believes.

“Although there has been some improvement in recent years, Canada still has far to go to rectify its reputation as a safe haven for Internet pirates. Indeed, a number of the world’s most popular Internet sources dedicated to online theft of copyright material retain connections to Canada.”

Among others, the report lists the popular torrent sites Torrentz.eu, Kickass.to and streaming portal Solarmovie.is as partially Canada-based.

Canada’s inaction against these websites has forced copyright holders to request website blockades in other countries, IIPA claims. In addition, these pirate sites hamper the growth of legal services.

“As long as these sites continue to use Canada as a base, efforts to provide a space within which legitimate, licensed services can take root and grow are undermined, not only in Canada, but around the world,” the report reads.

According to the report Canada’s current copyright law lacks the ability to motivate hosting providers to stop dealing with this sites. Instead, IIPA argues that the law gives these companies “overbroad safe harbors.”

“Clearly the legal incentives remain insufficient for Canadian providers of hosting services to cooperate with right holders to deal with massive and flagrant infringements carried out using their services,” they write.

Aside from hosting pirate sites, IIPA characterizes Canada as a pro-piracy country in general. Canadians download more than twice as much pirated music per capita, according the copyright group.

The “notice and notice” system that was implemented recently, where ISPs have to forward copyright infringement warnings to alleged pirates, is not expected to change much either they say.

“… while the Canadian “notice and notice” system requires service providers to retain records on the identity of subscribers whose accounts have been used for unauthorized file sharing or other infringing behaviors, multiple repeat infringers will be delivered the same notice.”

Ideally, IIPA would like to see a system where repeat infringers can be identified and punished if needed, similar to the “strikes” systems that have been implemented in other countries.

The above is just the tip of the iceberg for Canada. Among other things, the groups also call for stronger border protections and limiting the copyright exceptions for educational use.

The group ask the U.S. Government to “continue to press Canada” to address these and other issues that may hinder the growth of the copyright industry.

“[The U.S. Government] should encourage Canadian authorities to do what they can to give service providers greater incentives to come together with right holders to make meaningful progress against online copyright infringement; but further legislative change is likely to be needed.”

The IIPA’s full 2014 Special 301 recommendation report is available here. This also includes assessments from more than a dozen other countries, including Brazil, China, India, Russia and Switzerland.

According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA. (The Canadian agency was formerly known as “CSEC” until a recent name change.)

[…]

CSE finds some 350 “interesting” downloads each month, the presentation notes, a number that amounts to less than 0.0001 per cent of the total collected data.

The agency stores details about downloads and uploads to and from 102 different popular file-sharing websites, according to the 2012 document, which describes the collected records as “free file upload,” or FFU, “events.”

Being monitored online is a reality largely acknowledged by millions of file-sharers worldwide. Countless rightsholders, anti-piracy outfits, analytics companies and other interested parties crawl BitTorrent and other P2P networks every day, spying on downloads and gathering data.

While the public nature of these networks is perfect for those looking to eavesdrop, individuals who use file-hosting sites are often under the impression that their transfers cannot be monitored by third parties since transactions take place privately from user to site via HTTP.

That assumption has today been blown completely out of the water amid revelations that Canada’s top electronic surveillance agency has been spying on millions of downloads from more than 100 file-sharing sites.

Led by the Communications Security Establishment (CSE), Canada’s equivalent of the NSA, and codenamed LEVITATION, the project unveils widespread Internet surveillance carried out by Canadian authorities.

A document obtained by U.S. whistleblower Edward Snowden and released to CBC News shows that in an effort to track down extremists the spy agency monitors up to 15 million downloads carried out by users around the world every day.

According to the 2012 document, 102 file-sharing platforms were monitored by CSE. Just three were named – RapidShare, SendSpace, and the now defunct Megaupload. None of the sites were required to cooperate with the Canadian government since CSE had its own special capabilities.

“A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites,” The Intercept‘s analysis of the document notes.

Once harvested those IP addresses are cross-referenced with vast amounts of additional data already intercepted by the United States’ NSA and its British counterpart GCHQ. Subsequent searches have the ability to show a list of other websites visited by those downloading from file-hosting sites.

Further associations can then be made with Facebook or Google accounts (via Google analytics cookies) which have the potential to link to names, addresses and other personal details. It’s a potent mix but one apparently designed to weed out just a small number of files from millions of daily events.

According to the LEVITATION documents the system has the ability to track downloads in countries across Europe, the Middle East, North Africa and North America.

Under law, CSE isn’t allowed to spy on Canadians, but IP addresses belonging to a web server in Montreal appeared in a list of “suspicious” downloads. Also monitored by CSE were downloads carried out by citizens located in closely allied countries including the U.S., UK, Germany and Spain.

“CSE is clearly mandated to collect foreign signals intelligence to protect Canada and Canadians from a variety of threats to our national security, including terrorism,” CSE spokesman Andrew McLaughlin told CBC.

While it may be of comfort for Canadians to learn that the government is only interested in a small number of files being exchanged outside the country’s borders, mass surveillance of this kind always has the potential to unnerve when mission-creep raises its head.

Due to a recent change to Canada’s copyright law, ISPs are now required to forward copyright infringement notices to their customers.

As a result, tens of thousands of Internet subscribers have received warnings in their mailboxes over the past days, with some asking for cash settlements.

The so-called notice-and-notice system aims to reduce local piracy rates, but it appears that not all Canadians are ready to give up their habits.

Instead, many file-sharers are taking measures to hide their IP-addresses and bypass the monitoring companies copyright holders have hired. By using VPN services or BitTorrent proxies their sharing activities can no longer be linked to their ISP account, effectively evading the notice system.

Data from Google trends reveals that interest in anonymizing services has spiked with searches for “VPN” nearly doubling in recent weeks. This effect, shown in the graph below, is limited to Canada and likely a direct result of the new law.

“VPN” searches in Canada

The effects are clearly noticeable at VPN providers as well, in both traffic and sales. TorGuard, a VPN and BitTorrent proxy provider saw the number of Canadian visitors and subscribers double this year.

“Since the start of 2015 TorGuard has seen a drastic jump in Canadian traffic and subscribers. At the time of this writing our Canadian sales are up roughly 100% and this trend appears to be increasing,” TorGuard’s Ben Van der Pelt tells us.

TorGuard traffic from Canada

Aside from steering people towards anonymizing tools Canada’s notice-and-notice scheme also piqued the interest of the Government. The abuse of these notices in particular.

Another consequence of the new law is that Canadian VPN providers have to warn pirating users as well. For most services this is impossible, as they don’t keep any IP-address logs, adding further insecurity to the local market.

For now, none of the VPN providers we spoke with plan to start logging but if they are forced to do so the preference is to move their businesses outside Canada.

From the above it’s clear that the new notice-and-notice system is certainly having an impact, but how many file-sharers stop pirating and how many choose to hide instead is anyone’s guess at this point.

One thing’s for certain though, VPN services are certainly becoming a more mainstream option.

Recent changes to Canadian copyright law mean that when rightsholders observe local Internet users infringing copyright online, ISPs must forward any resulting infringement notices to their customers.

The new system has only been in place for just over a week but rightsholders haven’t wasted any time sending notices out. Even smaller ISPs such as Teksavvy are forwarding in excess of 3,000 notices per day.

While notices are one of the more reasonable anti-piracy options available today, there are companies that want to augment those gentle warnings into something more aggressive. Close to day one of the new law, U.S.-based anti-piracy outfit Rightscorp began sending infringement notices to Canadians with cash-settlement threats attached.

“You could be liable for up to $150,000 per infringement in civil penalties,” the notices told alleged music pirates.

Sadly, the claim is completely untrue. Canadian law caps liability for non-commercial infringement at $5,000 for all infringements. This miscalculated eagerness to break the Canadian market could now cost Rightscorp dearly.

Within a day of the company’s bogus threats being made public, Rightscorp attracted the negative attentions of the Canadian government and placed the turn-piracy-into-profit business model under scrutiny.

“These notices are misleading and companies cannot use them to demand money from Canadians,” said Jake Enright, a spokesman for Industry Minister James Moore.

The good news for Internet subscribers is that government officials will contact Internet service providers during the days to come in order to put an end to these threats. However, it’s not clear that will put a complete end to Rightscorp’s activities in Canada.

According to University of Ottawa professor Michael Geist, there is nothing in Canada’s new legislation which restricts the ability of rights holders to include information in notices that goes beyond a simple advisory that copyright law has been breached.

On this basis it seems unlikely that Rightscorp will simply give up. Government comment on the original notices centers around the anti-piracy company’s erroneous citing of U.S. law so modification to reflect the true Canadian position should bring the piracy monetization outfit into line.

It may be, however, that given the government intervention ISPs will choose not to forward Rightscorp notices at all.

Demands for cash aren’t popular with Internet subscribers and there are signs that leading ISPs in the United States don’t like the approach either. While they forward the infringement notices themselves, Comcast, Verizon, AT&T and other major ISPs remove the attached cash settlement demands.

Nevertheless, Rightscorp does work with dozens of smaller ISPs who are happy to assist with the company’s business model. And despite plenty of information being available which advises letter recipients not to pay, many still pay a $20 ‘fine’ to get the company off their back.

Sadly though, sometimes this has the opposite effect. One of Rightscorp’s tactics is to send a bill for $20 for one track from an album and then when people pay, they are subsequently billed for the rest of the tracks at a further $20 each.

Before the notice recipient pays the first $20, Rightscorp has no idea of the person’s identity and would need to spend a lot of money in court to find out – hardly worth it for $20. But having paid $20 and signed a disclaimer, the company now knows the person’s name and address.

At this point the pressure to pay can become overwhelming. Time will tell if Canadians can avoid these tactics.

Alongside site blocking and attacking the finances of pirate sites, so-called “strike” schemes are one of the preferred anti-piracy mechanisms of the mainstream entertainment companies.

The idea is simple. Rightsholders monitor their works being exchanged on file-sharing networks, capture IP addresses of alleged infringers, and send complaints to those individuals’ ISPs. These notices are then forwarded to inform customers of their errant behavior.

There can be little doubt that this option is preferable to suing users en masse, but is the approach effective? Thanks to MPAA documents sent to the studios and obtained by TorrentFreak, we now have a clearer idea of whether the movie business itself thinks that “strikes” programs work – and more besides.

Also confirmed is the MPAA’s desire to implement graduated response schemes with mitigation measures and awareness campaigns attached, the U.S. “Copyright Alerts System” (CAS) for example.

CAS mitigation measures haven’t proven to be particularly aggressive thus far but plenty of users have received notices. Around 1.3 million notices were sent in the first 10 months of operations. By November last year, Comcast alone had sent one million warnings.

But does the Copyright Alerts System work?

While it’s clear that the studios believe these schemes are part of the answer, the MPAA is pragmatic about the CAS behind closed doors, largely since it believes efforts thus far are just the beginning.

The U.S. system is “not yet at scale” or operating with “enough education support” according to the MPAA. As a result the CAS has not made an “impact on the overall [piracy] landscape.”

That said, the MPAA does claim some successes among those receiving notices.

However, the claim that some notice recipients mend their ways after receiving a warning (the rate of re-offending is actually quite high) is somewhat contradicted by another statement later in the same document.

“No current information as to the behavior of users who appear to stop P2P infringement – do not know whether [they are] migrating to other pirate systems or to lawful services,” the statement reads.

Nevertheless, the MPAA appears keen to expand the program to a point where impact is more meaningful. This will require cooperation with ISPs, both on volumes and mitigation measures.

Expansion, tougher punishments

“Attainability as to existing programs boils down to whether ISPs will agree (a) to expand scale to levels that might impact overall P2P piracy, and (b) to enhance remedial measures so as to improve efficacy,” the MPAA writes.

Plans to double up on the number of warnings being sent have already been revealed but whether ISPs will be keen to further punish customers remains to be seen. Still, the MPAA’s graduated response “secondary objective” might help them decide.

“Build and leverage relationships with ISPs; acknowledgement by ISPs of some responsibility for infringement through their systems; gain and/or strengthen government and other influential support for ISP accountability,” the objective reads.

Strikes systems worked elsewhere, right?

Perhaps surprisingly the MPAA has pushed ahead with CAS in the United States despite knowing that similar schemes have produced lukewarm results elsewhere.

“Programs in France and South Korea (both mandated/managed by government) – and available in New Zealand and Ireland” have had a “limited impact” according to the MPAA.

And the notice-and-notice scheme just launched in Canada and the UK’s upcoming VCAP warning system probably won’t produce nice surprises either. The MPAA believes that both are “likely” to prove less effective than programs with mitigation measures, such as the United States’. CAS.

The future

For the coming year it seems likely that while the MPAA will try to expand its current notice programs by volume, it will not attempt to introduce similar schemes elsewhere.

Will users flood to legitimate services though? The MPAA doesn’t know today and won’t know anytime soon but in any event that desired effect will probably require much more investment.

“Should see reasonable economies of scale…but to scale to level that will impact overall P2P piracy will likely require substantial additional resources,” the movie group says.

A change in the law means that when copyright holders spot Canadian subscribers’ Internet connections sharing content online without permission, ISPs must forward any resulting infringement notices to their customers.

Following its introduction less than a week ago, the so-called notice-and-notice system is already being utilized by entertainment companies. Small but popular ISP Teksavvy confirms that it’s already sending out thousands of notices to its subscribers every single day.

“With notice-and-notice, in early January 2015 we were receiving about 3000 copyright infringement notices each day,” the company confirms.

But despite knowing about the system for some time (and the relevant Canadian laws which led to its introduction), it seems that rightsholders haven’t yet found the time to customize their takedown notices to accommodate the law of the land.

“Many of [the notices] are formatted based on the U.S. Digital Millennium Copyright Act (‘DMCA’) requirements, although we expect that to change over time,” Teksavvy add.

While the aims of a DMCA takedown notice tend to be understood internationally, there are companies involved in anti-piracy activities who make more explicit threats so should be more prepared. University of Ottawa professor Michael Geist has already spotted a particularly bad example.

The ridiculous

Rightscorp Inc. is a U.S. based anti-piracy outfit whose activities have been documented here many times. Their business model involves tagging cash demands onto takedown notices so it perhaps comes as no surprise that Canada has become the company’s latest target.

However, instead of tailoring their demands to the Canadian market, Rightscorp have simply exported their U.S. model north. A notice obtained by Geist and sent by Rightscorp on behalf of music outfit BMG reveals the details.

“Your ISP account has been used to download, upload or offer for upload copyrighted content in a manner that infringes on the rights of the copyright owner. Your ISP service could be suspended if this matter is not resolved. You could be liable for up to $150,000 per infringement in civil penalties,” the notice reads.

As Geist points out, the $150,000 claim is bogus since Canadian law caps liability for non-commercial infringement at $5,000 for all infringements. Disconnecting a user from the Internet is also out since there is no provision under Canadian law. Even the claim against music piracy is up for debate.

“Given the existence of the private copying system (which features levies on blank media such as CDs), some experts argue that certain personal music downloads may qualify as private copying and therefore be legal in Canada,” Geist explains.

The benign

But while Rightscorp aim to scare Internet subscribers, it’s clear that other notices being received are much less worrisome. A copy of a notice sent to a Bell Aliant subscriber and obtained by TorrentFreak is a good example.

The subscriber had been downloading a DVD screener copy of the movie American Sniper on Thursday which took just 10 mins to complete. Nevertheless, that was enough to receive a standard U.S. DMCA notice from Warner Bros a few hours later.

“We have received information that an individual has utilized the below-referenced IP address at the noted date and time to offer downloads of copyrighted material. The title in question is: American Sniper,” the Warner Bros. notice begins.

“The distribution of unauthorized copies of copyrighted television programs constitutes copyright infringement under the Copyright Act, Title 17 United States Code Section 106(3). This conduct may also violate the laws of other countries, international law, and/or treaty obligations.

The notice made no threats but did contain a request for the ISP to deal with the customer under its abuse policy. The ISP forwarded the notice but nothing was done to punish the recipient.

The Government of Canada requires by law that all Internet Service Providers (ISPs) let their clients know when content owners contact them about possible unauthorized use of the content owner’s material such as illegal downloading of music, videos and games. As a result, we must let you know that we have received the below notification related to your account.

We want to assure you that Bell Aliant as your Internet Service Provider played no part in the identification of possible unauthorized use of content but are only passing on the owner’s message as required by law.

If you have any questions or need clarification please contact the content owner directly. For more information on why you received this notice visit http://news.gc.ca/web/article-en.do?nid=858069 . Thank you for your cooperation.

The person who received the notice told TF that while he was surprised to have received one so quickly, his downloading habits won’t change.

“I’ll continue to download, I’ll now be activating my VPN though whenever torrenting activity is going on,” he explained. “I suspect it’s a scare tactic that will work on most of the novice Canadians that download. I also suspect that roughly 90% of Canadians have downloaded something illegally, or know some who does for them.”

It’s expected that most ISPs will handle notices carefully but if any reader receives any notices containing threats or aggressive language, please feel free to forward them.

In Canada the local anti-piracy group Canipre is running into the same trap. The blog copyrightenforcement.ca, which is linked to one of the company’s top executives and often used to post Canipre press releases, has been making a habit out of lifting articles written by hard-working journalists.

At TF we publish our content under a CC license, so there’s no foul play there, but the other news sites are not all copy friendly. In fact, the publication of most of the lifted articles amounts to blatant copyright infringement.

While fair dealing exists, posting full articles, some of which are behind a paywall, generally doesn’t fall into this category. And it’s not only the text that’s being copied but also the images which are often independently copyrighted.

After becoming the first company to go after individual Canadian file-sharers in court, this week Canipre announced a new campaign to send copyright infringement warnings to ISPs under the notice-and-notice program.

However, as University of Ottawa professor Michael Geist points out, they may have to start sending piracy notices to their own staff first.

“Canipre would likely offer its services to the media companies whose work is affected, yet it might want to take a closer look at its internal conduct before throwing stones in the form of thousands of notices alleging infringement,” Geist notes.

Making matter even worse, this isn’t the first time that Canipre has been linked to unauthorized copying. Two years ago the company’s own website blatantly used photos that were ripped-off from independent photographers.

As a result of the new copyright law amendments, which also apply to VPN services, providers now have to keep logs of their subscribers’ IP-addresses or face high penalties.

Specifically, the law requires a broad range of Internet services to “retain records that will allow the identity of the person to whom the electronic location belongs to be determined, and do so for six months….”

Failing to log traffic and forward these notices may result in “statutory damages in an amount that the court considers just, but not less than $5,000 and not more than 10,000…”

The new rules also apply to BTGuard, a well-known Canadian VPN and proxy service that claims to keep no logs. Concerned that the new data retention requirements would force a change in this policy, several customers asked the provider for clarification.

Responding to these requests BTGuard assured its customers that its logging policy remains unchanged. However, BTGuard may discontinue its Canadian servers in the near future.

“Rest assured that we are committed to our customers’ privacy. As stated in our privacy policy, we do not log our customers’ usage or IPs and never will,” one customer was told by BTGuard.

“It’s possible that this legislation will require us to discontinue our servers in Canada, but we will find a solution and our services will continue where it’s legal to be anonymous without causing you any inconvenience,” the company added.

In a separate request we asked BTGuard for a comment on how the new law will affect its business. In a short comment we were informed that they are still exploring their options and that no final decision has been made yet.

“We still guarantee privacy. Our servers in Canada might be closed, but we are still exploring our options,” BTGuard’s Jared told TF.

Other providers are prepared to take similar measures. While the text of the law suggests that VPN providers are covered (something that’s also confirmed by one of Canada’s top copyright scholars), many are still uncertain about the exact impact it will have.

TunnelBear informed us that they are still investigating if they are indeed covered by the new legislation. If they are, the company will take its business elsewhere.

“Despite our investigation and legal consultations, it remains unclear whether or not VPN companies are included in the bill. We have brought on legal counsel to continue to investigate,” TunnelBear says.

“If it is determined that TunnelBear is required to comply with C11 if we retain operations in Canada, we will swiftly move our operations to a more privacy friendly region. At no point, under any circumstances will TunnelBear log the activity of our users,” TunnelBear adds.

For TunnelBear the issue is less urgent than for others though, as the company doesn’t allow torrent traffic on its servers.

While the changes may reduce piracy somewhat, it also negatively affects people’s privacy. And with the new data retention requirements Canada has certainly become an unattractive location for VPNs and other privacy services.

—

TF is interested in hearing how other Canadian providers intend to respond to the new law. We sent out more inquiries and will add to this article when responses are received.